Custom Session Authentication in EAServer

EAServer has a robust built-in security mechanism to safeguard your business components. Occasionally, it may be necessary to access a legacy security infrastructure to determine privileges or to log access.

In those situations EAServer supplies a way to extend its native security system. This article illustrates how EAServer custom security can be implemented using a PowerBuilder standard component.

Corporate information systems face many security threats. Some threats are addressed in software at the server level. Table 1 lists some threats and approaches to thwarting them.

These features are present in the standard product offering and can be configured by a system administrator to suit corporate security policy. Occasionally a custom security policy must be implemented to augment, extend, or substitute for the "out-of-the-box" solutions.

Why Add Custom Security?
There can be a variety of reasons, such as:

  1. EAServer components wrap access to a legacy system: Access rights to the legacy infrastructure govern access to the wrapper components.
  2. Session logging is mandated: Corporate policy mandates knowing who is accessing the system and when he or she is doing it.
  3. A corporate security infrastructure is already in place: EAServer needs to interface with that infrastructure.

How Do I Build Custom Security?
EAServer provides an interface, CtsSecurity::AuthService (a member of the CtsSecurity package), for performing custom authentication, access control, and security auditing at the session level. Session-level access means general access to the server: a client is either granted a server session or not. You build a PowerBuilder (or Java) component that implements the required method of the interface and put your custom security logic in that method. You then install the component in the server and set a server-level property that instructs EAServer to invoke the method on your component. Whenever a client requests a session, your method is invoked after all "standard" security checking is completed.

Step-by-Step Instructions
I'll assume that you already know how to create and deploy a PowerBuilder component into EAServer.

  1. Create a PBL to hold your security component
  2. Generate PowerBuilder proxies for all the components in the CtsSecurity package: Figure 1 shows a view of my Jaguar repository as seen in the PB proxy project painter. Figure 2 shows the generated proxies.
  3. Work around a small PB 7 bug that affects this process: (I'm using version 7.03, build 10047. The bug is there.) Export the proxy for sessioninfo, comment out the line that declares function SSLSessionInfo, and reimport the proxy into your library. (If you skip this step you'll get errors when you attempt to deploy your component.)
  4. Create a standard Jaguar component: Don't forget to check automatic demarcation/deactivation, since this will be a stateless component. Also check support instance pooling to allow for maximum performance.
  5. Add the required checkSession function to your component: The method takes one argument by value of type sessionInfo and returns a long.
  6. As a convenience, declare two integer constants at the beginning of the function:

    constant integer authorized = 0
    constant integer not_authorized = 1

    These are the expected return codes. Your logic must return one or the other of these values.

  7. Code your access logic: The sessioninfo object passed into checksession has many useful methods. Table 2 lists the method names together with a brief description of their function. The code in Listing 1 produces the output in Listing 2 to SRV.log.
  8. Deploy your component from PowerBuilder into EAServer.
  9. Install the component as an extension to the authorization process: To do this, right-click on your server in Jaguar Manager.
  10. Select Server Properties from the context menu: Click on the All Properties tab. Locate and select the property com.sybase.jaguar.server.authservice. Modify the property's value to contain the package/component name of your custom authorization component.
  11. Right-click on your server icon in Jaguar Manager, then shut down and restart your server.

A word of caution: If your logic is incorrect and doesn't properly grant access to jagadmin or other key users necessary for Jaguar Manager access (yes, even Jaguar Manager sessions are authenticated), you'll need to directly alter the Server.props file in the Repository/Server folder. Edit the line containing com.sybase.jaguar.server.authservice and remove the package/component from its value, then restart your server. The authorization extension will be removed.
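
As an added illustration of steps 5 to 7 and of the caution above (this is not the article's Listing 1), here is one way the body of checkSession could be written so that it denies by default, keeps jagadmin able to log in, and audits every decision to the server log. The argument name si and the allow-list entries other than jagadmin are constructed for the example, and getName() and getPeerAddress() are assumed to be among the sessioninfo methods; confirm them against your generated proxy.

```powerscript
// Body of checksession(sessioninfo si) returns long
// ("si" is an illustrative argument name)
constant integer authorized = 0
constant integer not_authorized = 1

// Constructed allow-list. A real component would consult the legacy
// security system here. jagadmin stays listed so Jaguar Manager
// sessions are not locked out.
string ls_allowed[] = {"jagadmin", "payroll_app", "batch_svc"}

ErrorLogging lel_log
string ls_user, ls_peer, ls_verdict
integer li_idx
long ll_rc

// Default deny: any path that does not find a match stays denied
ll_rc = not_authorized

// Assumed sessioninfo methods; verify the names in the generated proxy
ls_user = si.getName()
ls_peer = si.getPeerAddress()

// Exact, case-sensitive match; null or empty names never match
if (not IsNull(ls_user)) and (Len(ls_user) > 0) then
    for li_idx = 1 to UpperBound(ls_allowed)
        if ls_user = ls_allowed[li_idx] then
            ll_rc = authorized
            exit
        end if
    next
end if

if ll_rc = authorized then
    ls_verdict = "GRANTED"
else
    ls_verdict = "DENIED"
end if

// Audit every decision to the server log; the password is never written
if IsNull(ls_user) then ls_user = "<null>"
if IsNull(ls_peer) then ls_peer = "<unknown>"
this.GetContextService("ErrorLogging", lel_log)
lel_log.log("checkSession " + ls_verdict + " user=" + ls_user + " peer=" + ls_peer)

return ll_rc
```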

Note: For additional information you can examine the Interface Repository API documentation for CtsSecurity::AuthService. It's located by default at % Jaguar % CTS 3.5/html/ir/CtsSecurity.html, where % Jaguar % is the installation folder for EAServer.

More Stories By Yakov Werde

Yakov Werde, a 25 year IT industry veteran, is a member of TeamSybase and the newly formed Sybase Customer Evangelist Team. Yakov is a recognized author, speaker and trainer who has been designing and delivering PowerBuilder, .NET, EaServer, Web App Development, and Java training for over 14 years to corporate, military and government developers. Prior to discovering his aptitude as an educator, Yakov worked as an architect, project manager and application coder in the trenches of application software development. Yakov holds a Masters in Education with a specialty in instructional design for online learning from Capella University and a BS in math and computer science from Florida International University. Yakov, managing partner of eLearnIT LLC (www.elearnitonline.com), authors and delivers workshops and web based eLearning tutorials to guide professional developers toward PowerBuilder Classic and .NET mastery. Follow Yakov on Twitter as @eLearnPB
